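def check_rsrc(self, pe):
    """Enumerate the leaf entries of a PE file's resource directory.

    Walks the three levels of ``pe.DIRECTORY_ENTRY_RESOURCE`` (type, id,
    language) and records one tuple per language-level entry.

    Args:
        pe: Parsed PE object. If it has no ``DIRECTORY_ENTRY_RESOURCE``
            attribute the result is empty.

    Returns:
        dict mapping a running index (0, 1, ...) to
        ``(name, offset, size, filetype, lang, sublang)``. ``offset`` and
        ``size`` are the raw ``OffsetToData`` / ``Size`` fields of the entry.
    """
    ret = {}
    if not hasattr(pe, 'DIRECTORY_ENTRY_RESOURCE'):
        return ret

    i = 0
    for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
        if resource_type.name is not None:
            name = "%s" % resource_type.name
        else:
            # Look the id up before formatting. Formatting first turned a
            # missing entry into the string "None", so the numeric fallback
            # below could never run.
            name = pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
            if name is None:
                name = "%d" % resource_type.struct.Id
            else:
                name = "%s" % name

        if not hasattr(resource_type, 'directory'):
            continue
        for resource_id in resource_type.directory.entries:
            if not hasattr(resource_id, 'directory'):
                continue
            for resource_lang in resource_id.directory.entries:
                entry = resource_lang.data
                # OffsetToData and Size are read from the file under
                # analysis and are not validated here.
                # NOTE(review): get_data() presumably raises
                # pefile.PEFormatError on an out-of-range entry; nothing in
                # this method catches it - confirm the caller does.
                data = pe.get_data(entry.struct.OffsetToData, entry.struct.Size)
                filetype = get_filetype(data)
                lang = pefile.LANG.get(entry.lang, '*unknown*')
                sublang = pefile.get_sublang_name_for_lang(entry.lang, entry.sublang)
                ret[i] = (name, entry.struct.OffsetToData, entry.struct.Size,
                          filetype, lang, sublang)
                i += 1
    return ret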
python类get_sublang_name_for_lang()的实例源码
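def check_rsrc(self, pe):
    """Return a table of every language-level resource in a parsed PE.

    Args:
        pe: Parsed PE object. Without a ``DIRECTORY_ENTRY_RESOURCE``
            attribute there is nothing to walk and ``{}`` is returned.

    Returns:
        dict keyed by a counter starting at 0; each value is
        ``(name, offset, size, filetype, lang, sublang)`` with ``offset``
        and ``size`` taken unchanged from the entry's data struct.
    """
    ret = {}
    if hasattr(pe, 'DIRECTORY_ENTRY_RESOURCE'):
        i = 0
        for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
            if resource_type.name is not None:
                name = "%s" % resource_type.name
            else:
                # The lookup result must be tested before it is formatted:
                # "%s" % None is the string "None", which hid unknown type
                # ids behind a literal "None" instead of their number.
                known = pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
                if known is None:
                    name = "%d" % resource_type.struct.Id
                else:
                    name = "%s" % known
            if hasattr(resource_type, 'directory'):
                for resource_id in resource_type.directory.entries:
                    if hasattr(resource_id, 'directory'):
                        for resource_lang in resource_id.directory.entries:
                            offset = resource_lang.data.struct.OffsetToData
                            size = resource_lang.data.struct.Size
                            # offset/size are file-controlled values.
                            # NOTE(review): a malformed resource table may
                            # make get_data() raise; this method lets the
                            # exception propagate - verify the caller copes.
                            data = pe.get_data(offset, size)
                            filetype = get_filetype(data)
                            lang = pefile.LANG.get(resource_lang.data.lang, '*unknown*')
                            sublang = pefile.get_sublang_name_for_lang(
                                resource_lang.data.lang, resource_lang.data.sublang)
                            ret[i] = (name, offset, size, filetype, lang, sublang)
                            i += 1
    return ret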
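def resource(level, r):
    """Recursively print one resource-tree entry and everything below it.

    A leaf (an entry with a ``data`` attribute) is printed as a
    tab-separated line: name, id, size, MD5 of the bytes, language and
    sublanguage. A directory is printed as its name (or id when it has no
    name) and each child is printed one level deeper.

    Reads ``pe`` from the enclosing scope.

    Args:
        level: Nesting depth; the line is indented by this many spaces.
        r: Resource directory entry to print.
    """
    indent = " " * level
    if hasattr(r, "data"):
        # resource
        offset = r.data.struct.OffsetToData
        size = r.data.struct.Size
        # offset and size come from the file being inspected. Slicing never
        # raises, so an out-of-range entry yields fewer than `size` bytes
        # (possibly none) and the digest then covers only what was present.
        data = pe.get_memory_mapped_image()[offset:offset+size]
        # MD5 serves only as a fingerprint for comparing resources; it is
        # not collision-resistant and should not be used as proof that two
        # resources are identical.
        m = hashlib.md5()
        m.update(data)
        # The id is formatted with %s rather than %i: integers print the
        # same, while an entry without a numeric id (presumably id is None
        # when the entry is identified by name) no longer raises TypeError.
        print(indent + "-%s\t%s\t%i\t%s\t%s\t%s" % (
            str(r.name),
            r.id,
            size,
            m.hexdigest(),
            pefile.LANG.get(r.data.lang, 'UNKNOWN'),
            pefile.get_sublang_name_for_lang(r.data.lang, r.data.sublang)
            )
        )
    else:
        # directory
        label = r.id if r.name is None else r.name
        print(indent + "-" + str(label))
        for r2 in r.directory.entries:
            resource(level+1, r2)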
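def _get_resources(self):
    """Get resources.

    Walks the type -> id -> language levels of the resource directory of
    ``self.pe`` and describes every language-level entry.

    @return: list of resource dicts (empty when the file has no resource
             directory). Each dict has the keys name, offset, size,
             filetype, language and sublanguage; offset and size are
             zero-padded hex strings.
    """
    resources = []
    if not hasattr(self.pe, "DIRECTORY_ENTRY_RESOURCE"):
        return resources

    for resource_type in self.pe.DIRECTORY_ENTRY_RESOURCE.entries:
        # Best effort: a resource type that cannot be read is skipped so a
        # malformed entry does not abort the whole report. Entries collected
        # before the failure are kept; the rest of that type is lost.
        try:
            if resource_type.name is not None:
                name = str(resource_type.name)
            else:
                name = str(pefile.RESOURCE_TYPE.get(resource_type.struct.Id))
            if not hasattr(resource_type, "directory"):
                continue
            for resource_id in resource_type.directory.entries:
                if not hasattr(resource_id, "directory"):
                    continue
                for resource_lang in resource_id.directory.entries:
                    entry = resource_lang.data
                    # Offset and size are taken from the analysed file as-is.
                    data = self.pe.get_data(entry.struct.OffsetToData, entry.struct.Size)
                    # A new dict per entry: reusing one dict for the whole
                    # type made every appended element the same object, so
                    # all of them showed the values of the last entry.
                    resources.append({
                        "name": name,
                        "offset": "0x{0:08x}".format(entry.struct.OffsetToData),
                        "size": "0x{0:08x}".format(entry.struct.Size),
                        "filetype": self._get_filetype(data),
                        "language": pefile.LANG.get(entry.lang, None),
                        "sublanguage": pefile.get_sublang_name_for_lang(entry.lang, entry.sublang),
                    })
        except Exception:
            # Not a bare except: KeyboardInterrupt and SystemExit must still
            # be able to stop the analysis.
            continue
    return resources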
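def _get_resources(self):
    """Get resources.

    Describes every language-level entry in the resource directory of
    ``self.pe``, including the entropy of its data.

    @return: None when ``self.pe`` is not set; otherwise a list of resource
             dicts (possibly empty) with the keys name, offset, size,
             filetype, language, sublanguage and entropy.
    """
    if not self.pe:
        return None

    resources = []
    if not hasattr(self.pe, "DIRECTORY_ENTRY_RESOURCE"):
        return resources

    for resource_type in self.pe.DIRECTORY_ENTRY_RESOURCE.entries:
        # Best effort per resource type: an entry that cannot be read ends
        # processing of that type only, and earlier results are kept.
        try:
            if resource_type.name is not None:
                name = str(resource_type.name)
            else:
                name = str(pefile.RESOURCE_TYPE.get(resource_type.struct.Id))
            if not hasattr(resource_type, "directory"):
                continue
            for resource_id in resource_type.directory.entries:
                if not hasattr(resource_id, "directory"):
                    continue
                for resource_lang in resource_id.directory.entries:
                    entry = resource_lang.data
                    # Offset and size are file-controlled and used as-is.
                    data = self.pe.get_data(entry.struct.OffsetToData, entry.struct.Size)
                    # One dict per entry. The earlier single dict per type
                    # was appended repeatedly, so every element of a type
                    # ended up reporting the last entry's values.
                    resources.append({
                        "name": name,
                        "offset": "0x{0:08x}".format(entry.struct.OffsetToData),
                        "size": "0x{0:08x}".format(entry.struct.Size),
                        "filetype": _get_filetype(data),
                        "language": pefile.LANG.get(entry.lang, None),
                        "sublanguage": pefile.get_sublang_name_for_lang(entry.lang, entry.sublang),
                        "entropy": "{0:.02f}".format(float(_get_entropy(data))),
                    })
        except Exception:
            # Narrower than a bare except so KeyboardInterrupt and
            # SystemExit are not swallowed.
            continue
    return resources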
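def process(self):
    """Describe every language-level resource of the loaded PE library.

    Returns:
        ``""`` when the PE library object is not available, the string
        ``"corrupt"`` as soon as the data of one resource cannot be read
        (entries collected up to that point are discarded), otherwise a
        list of dicts with the keys name, rva, size, type, lang, sublang
        and sha1.
    """
    pelib = self._getLibrary(PEFileModule().getName())
    if pelib is None:
        return ""

    ret = []
    if not hasattr(pelib, 'DIRECTORY_ENTRY_RESOURCE'):
        return ret

    for resource_type in pelib.DIRECTORY_ENTRY_RESOURCE.entries:
        if resource_type.name is not None:
            name = "%s" % resource_type.name
        else:
            # Test the lookup result before formatting it: "%s" % None is
            # the string "None", so the numeric fallback never ran and
            # unknown type ids were reported as "None".
            name = pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
            if name is None:
                name = "%d" % resource_type.struct.Id
            else:
                name = "%s" % name

        if not hasattr(resource_type, 'directory'):
            continue
        for resource_id in resource_type.directory.entries:
            if not hasattr(resource_id, 'directory'):
                continue
            for resource_lang in resource_id.directory.entries:
                entry_data = resource_lang.data
                # OffsetToData and Size come from the analysed file; an
                # entry pefile cannot resolve marks the sample as corrupt.
                try:
                    data = pelib.get_data(
                        entry_data.struct.OffsetToData, entry_data.struct.Size)
                except pefile.PEFormatError:
                    return "corrupt"
                filetype = MIME_TYPE(data, False)
                lang = pefile.LANG.get(entry_data.lang, 'unknown')
                sublang = pefile.get_sublang_name_for_lang(
                    entry_data.lang, entry_data.sublang)
                entry = {}
                entry["name"] = self._normalize(name)
                entry["rva"] = self._normalize(
                    hex(entry_data.struct.OffsetToData))
                entry["size"] = self._normalize(
                    hex(entry_data.struct.Size))
                entry["type"] = self._normalize(filetype)
                entry["lang"] = self._normalize(lang)
                entry["sublang"] = self._normalize(sublang)
                entry["sha1"] = SHA1(data)
                ret.append(entry)
    return ret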